Remote access systems for consumer vehicles have become a popular, if not essential, feature of most vehicles sold today. Nearly every vehicle on the market for the past several years has included some form of keyless entry as either a standard feature or add-on option. Consumers with older vehicles without remote access systems have been able to retrofit their vehicles with aftermarket systems.
The technologies behind these systems have evolved rapidly, with remote systems moving from low security fixed codes with simple transmission schemes to high security encrypted rolling codes with advanced transmission protocols. Developers of these systems, both original equipment manufacturer (“OEM”) and aftermarket, have been constantly refining and improving their offerings to take advantage of improvements in technology. Over time, the numerous designs and platforms, coupled with rapidly changing security technologies, have resulted in a great variety of remote devices and systems that are almost universally incompatible across vehicle brands or makes and even between different years and models of vehicles.
Contemporary remote keyless entry (“RKE”) systems are designed to be easy to use and secure from attackers. When a user presses a button on his or her keyless remote, or “RKE device”, an internal microprocessor interprets the request and generates a unique packet of binary data. This packet may contain a unique serial number of the remote, an authentication string, function code, and various checksums. This data packet is then transmitted by the remote via an ultra-high frequency (UHF) radio signal to the vehicle. The user's vehicle can then process the data, verify that the remote is authorized, and perform the requested action (e.g., unlocking a door).
The transmitted radio signal could be monitored by possible attackers, so the authentication string is important in maintaining the security of the vehicle. The authentication string often changes with each button press in what is known as a “rolling code”. This rolling code prevents an attacker from simply copying and replaying an earlier transmission from the same remote. To prevent an attacker from gathering many samples of the rolling code for analysis, the rolling code is often encrypted with a cipher which completely scrambles the authentication value. In order to process these complex and constantly changing values, the vehicles must share the encryption key used by the remote, the algorithm used to generate the rolling code, and the method for synchronizing to the rolling code.
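The receiver-side check described above can be sketched as follows. This is an added illustration, not code from the original document or from any vehicle system. The packet layout, the 16-press resynchronization window and all names are assumptions, and a truncated HMAC-SHA256 tag over a counter stands in for the encrypted rolling code.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed resync window: button presses the vehicle may have missed

def build_packet(key: bytes, serial: int, counter: int, function: int) -> bytes:
    """Remote side: serial | rolling counter | function code | authentication tag."""
    body = struct.pack(">IIB", serial, counter, function)  # 9 bytes
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class Receiver:
    """Vehicle side: shared key and last accepted counter for each paired remote."""
    def __init__(self):
        self.remotes = {}  # serial -> [key, last accepted counter]

    def pair(self, serial: int, key: bytes, counter: int = 0) -> None:
        self.remotes[serial] = [key, counter]

    def accept(self, packet: bytes) -> str:
        if len(packet) != 17:
            return "malformed"
        body, tag = packet[:9], packet[9:]
        serial, counter, _function = struct.unpack(">IIB", body)
        entry = self.remotes.get(serial)
        if entry is None:
            return "unknown remote"
        key, last = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return "bad authentication"  # any altered field invalidates the tag
        if counter <= last:
            return "replay"              # an earlier transmission was re-sent
        if counter - last > WINDOW:
            return "out of sync"         # too far ahead to resynchronize safely
        entry[1] = counter               # resynchronize to the remote's counter
        return "ok"

def demo() -> list:
    key, serial = bytes(range(16)), 0x00C0FFEE          # constructed sample values
    car = Receiver()
    car.pair(serial, key)
    press1 = build_packet(key, serial, 1, 0x01)
    press5 = build_packet(key, serial, 5, 0x01)         # presses 2-4 never received
    forged = press5[:8] + b"\x02" + press5[9:]          # function code altered
    far = build_packet(key, serial, 500, 0x01)
    return [car.accept(p) for p in (press1, press1, press5, forged, far)]

if __name__ == "__main__":
    print(demo())
```

The second delivery of the same packet is rejected as a replay, while a packet a few presses ahead is accepted and moves the vehicle's stored counter forward.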
Additionally, starting in the early 1990s, cars began incorporating “immobilizer systems” that utilized security transponder technology. Transponders are small self-contained, or “discrete”, plastic or glass inserts that are typically embedded into the head of a key, forming a “transponder key”, and which supplement the security of a cut key blade alone. Transponders include an embedded microprocessor and loop of wire, or “transponder coil”, and require no battery as they are powered by mutual inductive coupling of a low frequency radio signal, or “LF Field”, delivered from the vehicle's “LF Coil”, a loop of wire around the vehicle's ignition cylinder. When a driver starts his or her car, the key blade activates the ignition and the car simultaneously “reads” the transponder via the LF Coil to verify the key is authorized to start the car. If the transponder does not “respond” with a valid code (e.g., in the case of hot-wiring a car), the car will become immobilized, resulting in the car either not starting at all or shutting itself off a few seconds after starting.
Security transponder evolution has mirrored that of RKE systems with the first generation being simple, insecure devices that transmitted a fixed value when interrogated by the immobilizer system. Much like RKE, the communication signals can be easily monitored by an attacker with legally available tools. To avoid replay attacks, transponders quickly moved to more complex encryption, such as HITAG and AES, as well as the use of challenge and response authentication and, in some cases, rolling codes. Transponders are now typically highly secure devices capable of bidirectional communication with the vehicle. With the ability for the car to send data to a transponder, some transponders have the ability to store hundreds of bytes of information about the key and vehicle. This information may comprise secret encryption keys and comfort features such as the last radio station used or electronic seat position.
In addition to combining the discrete transponders with the key blade, manufacturers began to further combine the key blade, transponder, and RKE functionality into a single device, with some further eliminating the discrete transponder by “emulating” the transponder on the microprocessor used to provide the RKE functionality, along with a single transponder coil. These “combination keys” are cheaper to produce than transponder keys and remotes produced separately, are more secure, and may enable a combined pairing process for a transponder and remote. The RKE portion and transponder portion of the key can share information, allowing the transponder to receive rolling code and encryption key updates from the vehicle. Using a combination key with the transponder and RKE system in communication with one another, the rolling code protocols and encryption techniques may become very advanced and unbreakable to all but the most dedicated attacker.
Additionally, starting in the early to mid-2000s, car keys began incorporating “passive” functionality into RKE systems. An RKE device with passive functionality, or “intelligent” key, may combine everything included within a combination key, but additionally combine two more transponder coils into a “3D Coil”, each coil oriented in one of three orthogonal planes (x, y, and z). The 3D Coil is used to communicate with multiple vehicle-based LF Coils placed in various locations within the vehicle to enable determination of the position of the key (i.e., user) relative to those various points. Determination of user position enables the passive RKE functionality, which allows the user to push a button on the door handle to unlock the car door when standing beside it, push a button to start the vehicle engine when sitting in the driver's seat, prevent the user from locking their keys in the trunk, or any other feature where key position is a variable needed to support that feature. Unlike the single transponder utilized by the immobilizer system, which must be placed in close proximity to the vehicle's LF coil in order to draw power and communicate, the intelligent key must be self-powered by a battery in order to communicate at a much greater distance.
Because the intelligent keys require an operable battery within the key, an “Emergency LF Coil” in communication with the vehicle's immobilizer system remains within most vehicles to provide a user of an intelligent key with an inoperable battery a “fail-safe” method of starting and driving the vehicle. To support the fail-safe, the Emergency LF Coil is located within the vehicle, in close proximity to the driver's seat, and powers and communicates with either a discrete transponder or emulated transponder via one of the three coils within the 3D Coil. Once the immobilizer system is satisfied that the transponder is authorized, the car may be started. To start the car, some vehicles allow the pressing of the “Start” button while others require the turning of a bladed “Emergency Key”.
Due to this high margin of security, modern keys are not something the lay person could replace or add to their vehicle easily. To pair such keys to a car typically requires both a locksmith to cut the blade, if so equipped, and specialized programming tools, unavailable to the public, to pair the transponder and RKE device with the vehicle. Often the vehicle dealer is the only source for keys and pairing tools which leads to high prices for replacement keys/remotes.
Given the complexity of car keys and systems today, automotive key duplication is a complex and expensive process. Car owners may have a difficult time finding replacement keys, especially for older vehicles that may no longer be supported by the original manufacturer or automotive dealership.
Once a vehicle owner has located a source for a new key, they must purchase the device and then pay for a locksmith to “pair” the product to the vehicle. This “pairing” process usually involves the use of an expensive dealer owned programming tool or an aftermarket programming tool. In the pairing process, these tools usually connect to the on-board diagnostics (“OBD”) port on the vehicle and communicate with various systems within the vehicle to generate a series of encrypted numerical sequences that are combined in various ways to generate unique vehicle codes that are used to authenticate the key as “trusted” by the vehicle. Generally, this conversation between the tool and the vehicle includes a security transponder, the vehicle electronic control unit (“ECU”) or body control module (“BCM”), and the RKE device. If this process is not executed properly or a programming fault occurs, it is possible the vehicle will not start or respond properly to the RKE device. In limited situations, a very expensive process to reset the ECU or BCM of a vehicle must be performed.
As stated above, the process of pairing keys to a vehicle, even by a locksmith, may be a complicated, costly and time-consuming process. Often, only car dealerships have the capability and the costly programming equipment required to pair a key. Therefore, the dealership will charge a premium for this service. As an alternative to having to go to the dealership, lower cost OBD devices have been developed to more cheaply and conveniently pair a key to a vehicle.
Many of these existing key pairing devices must be connected either directly or remotely to external computers or smart devices in order to function, i.e., pair a key with a vehicle. These external computing devices run software pairing algorithms to enable pairing to a wide range of vehicle makes, models, and years. To enable key pairing on select vehicles, these existing key pairing devices typically contain “security access” algorithms embedded within the device itself or stored within or activated by an externally connected device. These security access algorithms may contain secret authentication codes or sequences, initially only known by the OEM, needed to place these select vehicles into a mode that allows key pairing. The existing external computing devices and programming software may also automate some of the pairing process. Solutions of this type, ones that require both an OBD device and an external device, are not true standalone devices. Some OBD devices used in existing key pairing solutions are able to automatically sense and adjust to one of a set of communication protocols such as ISO 11898-4, ISO 15765-4, or SAE J2284/3. Other OBD devices may have the capability to store data about the vehicle such as diagnostic information or information pertaining to various vehicle modules during the pairing process. OBD programming devices may also utilize display elements such as LEDs or LCD screens to provide detailed feedback to the user about the status of the pairing process.
Existing OBD device-based solutions may cause undesired results for the customer if left plugged into the OBD port, either accidentally or intentionally. These undesired results may include the following: physical damage to the vehicle's OBD connector due to shear, compression, or torsion forces between the vehicle's OBD connector and the OBD device; electrical damage to the vehicle's OBD connector or OBD bus due to a weakly designed electrical interface on the OBD device; and draining of the vehicle's battery due to power consumption of the OBD device. In addition to the customer impacts for an individual user, widespread issues with existing OBD systems may result in product liability insurance claims, affecting the reputation and/or profit of the manufacturer of the OBD device.
It may also be desirable to verify that a user of a key pairing device is the owner of a vehicle that the user is attempting to pair a new or replacement vehicle key with.
It may also be desirable to limit the number of times a key pairing device can be used to pair a key to a vehicle.
What is needed is a system for automatically pairing a vehicle key with a vehicle that addresses the shortcomings of existing OBD-based solutions. What is needed is a truly stand-alone, relatively inexpensive device that does not require connection to any external device, other than to the vehicle itself, to complete a pairing process and that keeps the user informed of the status of the pairing process. What is needed is a method of verifying that the user attempting to pair a vehicle key with a vehicle is an authorized owner or user of that vehicle.